CloudBleed: Guess What? There was 0-day protection
About CloudBleed
If you aren’t familiar with CloudBleed, take a moment to read the following articles to get an understanding of how it was found, what happened, and what PII/PCI data was (possibly) ...
Published Feb 27, 2017
Version 1.0
Brian_Deitch_11
Historic F5 Account
Joined September 30, 2008
chris888_147181
Feb 28, 2017
Nimbostratus
Great article and write up. Presumably then when this is encrypted client side, the appropriate decryption happens within Websafe?
I am curious about this with regards to how it is set up for specific web apps. Would it be correct to say that the device needs to be told about all such fields?
Also, does this fully mitigate all issues noted with Cloudbleed? As in, we can see that clearly it can prevent the clear text caching of credentials, but this is only a small part of the issue... Can you tell Websafe about session cookies, and does it mitigate session hijacking in the same way and prevent replay with randomisation?
Thanks :)